Java cannot seem to get a break. Only a few days after patching the last zero-day vulnerability, two more exploits are being found that make use of the runtime. One, as noted by Kaspersky, is a recent exploit of the latest runtime's attempts to install a McRAT executable by overwriting memory in the JVM that will trigger the executable to run.

Once installed, the McRAT malware will attempt to contact command and control servers and copy itself into dll files in Windows systems.

This malware is specifically Windows-based; however, a second one outlined by Intego, is a Minecraft password-stealing Trojan that masks as a Java exectutable called "Minecraft Hack Kit." This kit is distributed as a tool to help Minecraft users perform moderating tasks such as kicking or banning other users in the game.

When run, however, the program will install three new applets along with a Launch Agent script that keeps them persistently running in the background. These secondary payload programs then attempt to steal Minecraft credentials and send them to various Hotmail accounts.

These new threats are relatively low in severity, with the Minecraft one being quite specific for those who play the Minecraft game (and who have Java installed), and who furthermore attempt to gain advantages in the game through a promised hack; however, both of these threats will run on a system that has the latest Java versions installed. Unlike the McRAT malware, however, the Minecraft attack does not attempt to exploit the Java Web plug-in and instead only tricks users to download and run the software, so even with a properly managed Java plug-in it will still run.

About the author

Topher, an avid Mac user for the past 15 years, has been a contributing author to MacFixIt since the spring of 2008. One of his passions is troubleshooting Mac problems and making the best use of Macs and Apple hardware at home and in the workplace.
See full bio